Every year as part of its SaaSOps Stars Awards, BetterCloud interviews some extraordinary SaaSOps standouts and customers to understand their challenges and the unique ways they tackle them. In the first installment of a new customer spotlight series, we’ll highlight how an established organization creatively integrates Active Directory for SaaS operations (SaaSOps) in pursuit of digital transformation and SaaS goals. We’ll also discuss how the organization is modernizing its legacy IT technology and processes into extraordinary SaaS operations.
Meet National Information Solutions Cooperative (NISC)
With more than 1,200 employees and contractors, two organizations founded in the 1960s merged to form National Information Solutions Cooperative (NISC) in 2000. They’re an information technology company that develops and supports hardware and software solutions for its member owners who are primarily utility cooperatives and broadband companies across the nation.
NISC prides itself in being an industry leader providing advanced, integrated IT solutions for subscriber billing, accounting, engineering, and operations, as well as many other leading-edge IT solutions that are both cloud-based and on-premise.
Continuing its technology leadership includes both services NISC offers to their members and customers, as well as to their employees.
NISC’s digital transformation to SaaS operations
One aspect that makes NISC a market leader is their on-prem infrastructure that runs cloud services sold to customers. This means NISC’s IT team must work with IT assets that are on-prem and in the cloud. Furthermore, as a cloud and technology provider themselves, they have the added obligation of providing the highest levels of reliability and availability.
So while they pursue digital transformation and increased SaaS adoption, they must strike the right balance of steady progress of modernizing without disruption.
Like most organizations with a decades-long history, the company has long relied on Active Directory as its single source of truth that secures and integrates with all corporate IT assets, regardless of whether it’s on-premise or a SaaS application that helps run enterprise IT.
Integrating Active Directory and SaaS
Like many organizations, NISC kept their own Microsoft Exchange server in the office. For years, the company managed the software and hardware updates themselves, as well as all email coming in and out of those servers.
To better support users and move email to Microsoft 365, they changed the email server over to a hybrid server and operated hosted email that synced on-premise. All the email accounts and individual user mailboxes resided in the cloud via Microsoft 365, but the company still managed distribution groups on premise.
NISC developed this approach after many years of managing their own Microsoft Exchange server because it used (and still uses) their distribution groups as security groups to access file permissions or grant on-premise application access. The ability to maintain those group memberships between the cloud and on-premise, as they always have done, is crucial to the company.
But the company wanted to sever the hybrid connection and eliminate the troublesome-to-manage hybrid server altogether. And since Microsoft Azure AD Connect only synchronizes Active Directory changes between on prem and the cloud, it doesn’t allow changes to things like group memberships in certain SaaS apps like what they really needed.
They found their answer in leading SaaS management platform BetterCloud.
Using BetterCloud’s Manage functionality, NISC can accomplish their larger digital transformation and SaaS goals while allowing them to permanently unplug that hybrid email server. Specifically, BetterCloud workflows now help maintain those important group distributions memberships between the cloud and on premise.
A creative solution to syncing group memberships with BetterCloud Workflows
In what they self-describe as a “roundabout way” of reaching their goals with distribution groups, NISC relies on scores of BetterCloud workflows. Fortunately, the company’s identity management solution does integrate with both Active Directory and BetterCloud.
NISC’s IT team synchronizes groups using automated workflows between the identity management solution and BetterCloud. Then the identity management solution pushes them to the on-premise Active Directory.
To preserve the existing group membership structure that is the keystone to IT and security operations, the company created two BetterCloud workflows for each group in their on-premise Active Directory:
- One “Add” workflow when a new user is added to an office group that adds them to the identity management and then into Active Directory.
- A “Remove” workflow does the same thing when a user leaves.
Certainly it took the IT team time and effort to create each “Add” and “Remove” per group on a one-by-one basis. But in the end, NISC’s BetterCloud workflows that integrated Active Directory and SaaS enabled the organization to reach a “set it and forget it” state.
Automating user lifecycle management
With the challenge of integrating Active Directory conquered, they set about automating onboarding and offboarding to reduce human error. They quickly took advantage of pre-built integrations, but not all apps had native integrations.
Building custom integrations using the BetterCloud API
NISC tells us there were two important apps that needed a custom integration.
First, they used the BetterCloud API to create and delete users in the notoriously challenging-to-automate Adobe Creative Cloud. Next, they had to build a custom integration with their corporate community. While the community platform is technically an off-the-shelf SaaS product, it’s not a commonly used application, which means there wasn’t a pre-built or native API connecting it to BetterCloud.
However, BetterCloud’s new Custom Triggers functionality took NISC to new levels of IT automation.
Automating mid-lifecycle username changes with Custom Triggers
NISC also found a creative way to manage last name changes and sync name changes in multiple systems. Previously, this mid-lifecycle management change was a manual process that required the end user to request the change and IT to make the changes within each application.
And while IT did its best to make all changes, they weren’t always made across all systems, leading the user to have to follow up or use outdated names on accounts.
Now, the IT team at NISC uses a BetterCloud custom integration with their identity management solution. When a username changes in Active Directory, the identity management solution uses a Custom Trigger that kicks off a workflow that executes the name change across all applications.
Key takeaways from NISC’s digital transformation
Many organizations founded prior to the SaaS revolution needn’t be encumbered by legacy processes. As we learned from NISC, coupling BetterCloud with some old-fashioned ingenuity empowers digital transformation for companies of all sizes. Using the BetterCloud API and Custom Triggers, you can build IT automation that meets unique requirements and modernize legacy processes into a thriving SaaS-powered workplace.
We’d like to extend a big thanks to Greg Hupke, Team Lead of Technical Services at NISC, for sharing this fantastic story to help pave the way for others.